Reference Guide
Security | 1049
Defaults
Not configured.
Command Modes
CONFIGURATION
Command History
Usage Information
To list multiple TACACS+ servers to be used by the aaa authentication login command, configure this
command multiple times.
If you are not configuring the switch as a TACACS+ server, you do not need to configure the port,
timeout and key optional parameters. If you do not configure a key, the key assigned in the
tacacs-server key command is used.
Related
Commands
tacacs-server key
c e s z
Configure a key for communication between a TACACS+ server and client.
Syntax
tacacs-server key [encryption-type] key
To delete a key, use the no tacacs-server key key
Parameters
Defaults
Not configured.
Command Modes
CONFIGURATION
timeout seconds (OPTIONAL) Enter the keyword timeout followed by the number of seconds
the switch waits for a reply from the TACACS+ server.
Range: 0 to 1000
Default: 10 seconds
key key (OPTIONAL) Enter the keyword key followed by a string up to 42 characters
long as the authentication key. This authentication key must match the key
specified in the tacacs-server key for the TACACS+ daemon.
Configure this parameter last because leading spaces are ignored.
Version 9.0.0.0 Added support for IPv6
Version 8.3.11.1 Introduced on Z9000
Version 7.7.1.0 Authentication key length increased to 42 characters
Version 7.6.1.0 Introduced for S-Series
Version 7.5.1.0 Introduced for C-Series
pre-Version 6.2.1.1 Introduced on E-Series
aaa authentication login Specify the login authentication method.
tacacs-server key Configure a TACACS+ key for the TACACS server.
encryption-type (OPTIONAL) Enter either zero (0) or 7 as the encryption type for the key entered.
The options are:
• 0 is the default and means the key is not encrypted and stored as clear text.
• 7 means that the key is encrypted and hidden.
key
Enter a text string, up to 42 characters long, as the clear text password.
Leading spaces are ignored.